mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-25 15:27:03 +01:00
* Changed variable for default gnupg.org http location from $hGPG to $hGPGHTTP and updated instances of variable throughout FAQ in introduction area and sections 1.1, 2.1 and 2.2
* Added section 1.4 - What conventions are used in this FAQ?
  + unices vs. win32 (with hyperlink (<Rhomedir>) to section 4.18 for example)
  + gpg.conf vs. options (with hyperlink (<Roptions>) to section 5.8 to note name change)
* Corrected section 2.2 - Changed ftp URL (both display and link URLs) from "ftp://ftp.gnupg.org/pub/gcrypt" to ftp://ftp.gnupg.org/gcrypt/, and the display URL (not the actual link URL, it's correct) of the http URL from "http://www.gnupg.org/mirror.html" to "http://www.gnupg.org/mirrors.html"
* Included variable ($hVERSION) for easier updating of latest gpg version when referenced (as in section 2.2)
* Included variable ($hGPGFTP) for default gnupg.org ftp location (ftp://ftp.gnupg.org) for use in sections 2.2 and 4.16
* Corrected section 3.1 visual display of link from "http://www.gnupg.org/gnupg.html#supsys" to "http://www.gnupg.org/backend.html#supsys"
* Edited sections 3.1, 3.2, 5.2 to include $hGPGHTTP variable
* Corrected section 3.2 - Word typo ("avoided" was "avoiced").
* Corrected / edited section 3.3 -
  + corrected link: ftp://ftp.gnupg.dk/pub/contrib-dk/ for idea.c.gz, idea.c.gz.sig, ideadll.zip, ideadll.zip.sig
  + edited section to include all files and added ~/.gnupg/gpg.conf info
* Edited section 4.6 - As this section deals with losing a public key, I added a paragraph containing a hyperlink to the end of section 4.21 ("I still have my secret key, but lost my public key..."). The paragraph reads: "If you've lost your public key and need to recreate it instead for continued use with your secret key, you may be able to use gpgsplit as detailed in question <Rgpgsplit>."
* Edited section 4.15 - Added paragraph below table on GPGrelay, an application for MUAs that lack OpenPGP (rfc2015) support to. "Users of Win32 MUAs that lack OpenPGP support may look into using GPGrelay <http://http://gpgrelay.sourceforge.net>, a small email-relaying server that uses GnuPG to enable many email clients to send and receive emails that conform to PGP-MIME (RFC 2015)." suggested by: Andreas John <aj@tesla.inka.de>
* Corrected section 4.16 - Incorporated Werner's URL fix for gpgme FTP location to synchronize local CVS with released FAQ version 1.5.8.
* Added section 4.19 - "How do I verify signed packages?" suggested by: Christian Reis <kiko@async.com.br>
* Added section 4.20 - "How do I export a keyring with only selected signatures?" by: David Shaw <dshaw@jabberwocky.com>
* Added section 4.21 - "I still have my secret key, but lost my public key. What can I do?" by: Werner Koch <wk@gnupg.org>
* Added section 4.22 - "Clearsigned messages sent from my web-mail account have an invalid signature. Why?" by: David Scribner <dscribner@bigfoot.com>
* Edited / Corrected section 5.8 - Changed question from "I just installed the most recent version of GnuPG and don't have a ~/.gnupg/options file. Is this missing from the installation?" to "GnuPG no longer installs a ~/.gnupg/options file. Is it missing?"
  + Added "An existing options file can be renamed to gpg.conf for users upgrading, or receiving the message that the "old default options file" is ignored (occurs if both a gpg.conf and an options file are found)." to the end of the paragraph.
  + Corrected ~/.gnupg/gpg.conf (was ~/.gnupg/conf)
* Added section 5.9 - "How do you export GnuPG keys for use with PGP?" by: David Shaw <dshaw@jabberwocky.com>
parent
77f99fd667
commit
5c504ac5c5
238
doc/faq.raw
@ -7,21 +7,23 @@ The most recent version of the FAQ is available from
|
|||||||
[$usenetheader=
|
[$usenetheader=
|
||||||
]
|
]
|
||||||
[$maintainer=David D. Scribner, <faq 'at' gnupg.org>]
|
[$maintainer=David D. Scribner, <faq 'at' gnupg.org>]
|
||||||
[$hGPG=http://www.gnupg.org]
|
[$hGPGHTTP=http://www.gnupg.org]
|
||||||
|
[$hGPGFTP=ftp://ftp.gnupg.org]
|
||||||
|
[$hVERSION=1.2.1]
|
||||||
|
|
||||||
[H body bgcolor=#ffffff text=#000000 link=#1f00ff alink=#ff0000 vlink=#9900dd]
|
[H body bgcolor=#ffffff text=#000000 link=#1f00ff alink=#ff0000 vlink=#9900dd]
|
||||||
[H H1]GnuPG Frequently Asked Questions[H /H1]
|
[H H1]GnuPG Frequently Asked Questions[H /H1]
|
||||||
|
|
||||||
|
|
||||||
[H p]
|
[H p]
|
||||||
Version: 1.5.8[H br]
|
Version: 1.6.0[H br]
|
||||||
Last-Modified: Oct 8, 2002[H br]
|
Last-Modified: Dec 1, 2002[H br]
|
||||||
Maintained-by: [$maintainer]
|
Maintained-by: [$maintainer]
|
||||||
[H /p]
|
[H /p]
|
||||||
|
|
||||||
|
|
||||||
This is the GnuPG FAQ. The latest HTML version is available
|
This is the GnuPG FAQ. The latest HTML version is available
|
||||||
[H a href=[$hGPG]/faq.html]here[H/a].
|
[H a href=[$hGPGHTTP]/faq.html]here[H/a].
|
||||||
|
|
||||||
The index is generated automatically, so there may be errors. Not all
|
The index is generated automatically, so there may be errors. Not all
|
||||||
questions may be in the section they belong to. Suggestions about how
|
questions may be in the section they belong to. Suggestions about how
|
||||||
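Review bot: the definition block drops [$hGPG=http://www.gnupg.org] in favour of [$hGPGHTTP=...], so any [$hGPG] reference left outside the changed lines will no longer resolve. The visible hunks update the introduction, docs, mirrors, backend, download and pgp2x links; search the rest of doc/faq.raw for remaining [$hGPG] uses before merging. Also note that [$hVERSION=1.2.1] now has to be bumped on every release, which is worth a comment next to the definition.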
@ -44,7 +46,7 @@ you could search in the mailing list archive.
|
|||||||
|
|
||||||
<Q> What is GnuPG?
|
<Q> What is GnuPG?
|
||||||
|
|
||||||
[H a href=[$hGPG]]GnuPG[H /a] stands for GNU Privacy Guard and
|
[H a href=[$hGPGHTTP]]GnuPG[H /a] stands for GNU Privacy Guard and
|
||||||
is GNU's tool for secure communication and data storage. It can be
|
is GNU's tool for secure communication and data storage. It can be
|
||||||
used to encrypt data and to create digital signatures. It includes
|
used to encrypt data and to create digital signatures. It includes
|
||||||
an advanced key management facility and is compliant with the
|
an advanced key management facility and is compliant with the
|
||||||
@ -66,6 +68,35 @@ you could search in the mailing list archive.
|
|||||||
read the file titled COPYING that accompanies the application for
|
read the file titled COPYING that accompanies the application for
|
||||||
more information.
|
more information.
|
||||||
|
|
||||||
|
<Q> What conventions are used in this FAQ?
|
||||||
|
|
||||||
|
Although GnuPG is being developed for several operating systems
|
||||||
|
(often in parallel), the conventions used in this FAQ reflect a
|
||||||
|
UNIX shell environment. For Win32 users, references to a shell
|
||||||
|
prompt (`$') should be interpreted as a command prompt (`>'),
|
||||||
|
directory names separated by a forward slash (`/') may need to be
|
||||||
|
converted to a back slash (`\'), and a tilde (`~') represents a
|
||||||
|
user's "home" directory (reference question <Rhomedir> for an example).
|
||||||
|
|
||||||
|
Also, the indicator used to inform the shell that a continuation
|
||||||
|
of the command will follow on the next line (the `\' character
|
||||||
|
seen at the end of some command strings in this FAQ, and represents
|
||||||
|
a "\<newline>" pair) should be noted. If your shell or command
|
||||||
|
interpreter does not support this convention, the command should be
|
||||||
|
typed in its entirety as a single entry after removing the trailing
|
||||||
|
backslash and continuing with the second line before pressing Enter
|
||||||
|
or the return key.
|
||||||
|
|
||||||
|
Please keep in mind that this FAQ contains information that may not
|
||||||
|
apply to your particular version, as new features and bug fixes are
|
||||||
|
added on a continuing basis (reference the NEWS file included with
|
||||||
|
the source or package for noteworthy changes between versions). One
|
||||||
|
item to note is that starting with GnuPG version 1.1.92 the file
|
||||||
|
containing user options and settings has been renamed from "options"
|
||||||
|
to "gpg.conf". Information in the FAQ that relates to the options
|
||||||
|
file may be interchangable with the newer gpg.conf file in many
|
||||||
|
instances. See question <Roptions> for details.
|
||||||
|
|
||||||
|
|
||||||
<S> SOURCES of INFORMATION
|
<S> SOURCES of INFORMATION
|
||||||
|
|
||||||
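Review bot: in the second paragraph of the new "What conventions are used in this FAQ?" answer, the sentence about the `\' continuation character has its subject and verb separated by a long parenthesis ("the indicator ... should be noted") and is hard to parse. Suggest stating it directly, for example: "A `\' at the end of a command line means the command continues on the next line." In the third paragraph, "interchangable" should be "interchangeable".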
@ -74,7 +105,7 @@ you could search in the mailing list archive.
|
|||||||
On-line resources:
|
On-line resources:
|
||||||
|
|
||||||
[H UL]
|
[H UL]
|
||||||
[H LI]The documentation page is located at [H a href=[$hGPG]/docs.html]<[$hGPG]/docs.html>[H/a].
|
[H LI]The documentation page is located at [H a href=[$hGPGHTTP]/docs.html]<[$hGPGHTTP]/docs.html>[H/a].
|
||||||
Also, have a look at the HOWTOs and the GNU Privacy Handbook (GPH,
|
Also, have a look at the HOWTOs and the GNU Privacy Handbook (GPH,
|
||||||
available in English, Spanish and Russian). The latter provides a
|
available in English, Spanish and Russian). The latter provides a
|
||||||
detailed user's guide to GnuPG. You'll also find a document about
|
detailed user's guide to GnuPG. You'll also find a document about
|
||||||
@ -86,8 +117,8 @@ you could search in the mailing list archive.
|
|||||||
the developers.
|
the developers.
|
||||||
|
|
||||||
In addition, searchable archives can be found on MARC, e.g.: [H br]
|
In addition, searchable archives can be found on MARC, e.g.: [H br]
|
||||||
gnupg-users: [H a href=http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2]<http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2>[H/a],[H br]
|
gnupg-users: [H a href=http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2]<http://marc.theaimsgroup.com/?l=gnupg-users&r=1&w=2>[H/a][H br]
|
||||||
gnupg-devel: [H a href=http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2]<http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2>[H/a].[H br]
|
gnupg-devel: [H a href=http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2]<http://marc.theaimsgroup.com/?l=gnupg-devel&r=1&w=2>[H/a][H br]
|
||||||
|
|
||||||
[H B]PLEASE:[H/B]
|
[H B]PLEASE:[H/B]
|
||||||
Before posting to a list, read this FAQ and the available
|
Before posting to a list, read this FAQ and the available
|
||||||
@ -108,13 +139,13 @@ you could search in the mailing list archive.
|
|||||||
<Q> Where do I get GnuPG?
|
<Q> Where do I get GnuPG?
|
||||||
|
|
||||||
You can download the GNU Privacy Guard from its primary FTP server
|
You can download the GNU Privacy Guard from its primary FTP server
|
||||||
[H a href=ftp://ftp.gnupg.org/pub/gcrypt]<ftp.gnupg.org>[H /a] or from one of the mirrors:
|
[H a href=[$hGPGFTP]/gcrypt/]<[$hGPGFTP]/gcrypt/>[H /a] or from one of the mirrors:
|
||||||
|
|
||||||
[H a href=[$hGPG]/mirrors.html]
|
[H a href=[$hGPGHTTP]/mirrors.html]
|
||||||
<[$hGPG]/mirror.html>
|
<[$hGPGHTTP]/mirrors.html>
|
||||||
[H /a]
|
[H /a]
|
||||||
|
|
||||||
The current stable version is 1.2.x. Please upgrade to this version as
|
The current stable version is [$hVERSION]. Please upgrade to this version as
|
||||||
it includes additional features, functions and security fixes that may
|
it includes additional features, functions and security fixes that may
|
||||||
not have existed in prior versions.
|
not have existed in prior versions.
|
||||||
|
|
||||||
@ -127,8 +158,8 @@ you could search in the mailing list archive.
|
|||||||
Windows NT/2000) and Macintosh OS/X. A list of OSes reported to be OK
|
Windows NT/2000) and Macintosh OS/X. A list of OSes reported to be OK
|
||||||
is presented at:
|
is presented at:
|
||||||
|
|
||||||
[H a href=http://www.gnupg.org/backend.html#supsys]
|
[H a href=[$hGPGHTTP]/backend.html#supsys]
|
||||||
<http://www.gnupg.org/gnupg.html#supsys>
|
<[$hGPGHTTP]/backend.html#supsys>
|
||||||
[H /a]
|
[H /a]
|
||||||
|
|
||||||
<Q> Which random data gatherer should I use?
|
<Q> Which random data gatherer should I use?
|
||||||
@ -150,7 +181,7 @@ you could search in the mailing list archive.
|
|||||||
|
|
||||||
On other systems, the Entropy Gathering Daemon (EGD) is a good choice.
|
On other systems, the Entropy Gathering Daemon (EGD) is a good choice.
|
||||||
It is a perl-daemon that monitors system activity and hashes it into
|
It is a perl-daemon that monitors system activity and hashes it into
|
||||||
random data. See the download page [H a href=http://www.gnupg.org/download.html]<http://www.gnupg.org/download.html>[H /a]
|
random data. See the download page [H a href=[$hGPGHTTP]/download.html]<[$hGPGHTTP]/download.html>[H /a]
|
||||||
to obtain EGD. Use:
|
to obtain EGD. Use:
|
||||||
|
|
||||||
[H pre]
|
[H pre]
|
||||||
@ -174,14 +205,21 @@ you could search in the mailing list archive.
|
|||||||
|
|
||||||
However, there is an unofficial module to include it even in earlier
|
However, there is an unofficial module to include it even in earlier
|
||||||
versions of GnuPG. It's available from
|
versions of GnuPG. It's available from
|
||||||
[H a href=ftp://ftp.gnupg.org/pub/gcrypt/contrib/]<ftp://ftp.gnupg.org/pub/gcrypt/contrib/>[H /a]. Look for:
|
[H a href=ftp://ftp.gnupg.dk/pub/contrib-dk/]<ftp://ftp.gnupg.dk/pub/contrib-dk/>[H /a]. Look for:
|
||||||
|
|
||||||
[H pre]
|
[H pre]
|
||||||
idea.c
|
idea.c.gz (c module)
|
||||||
|
idea.c.gz.sig (signature file)
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
ideadll.zip (c module and win32 dll)
|
||||||
|
ideadll.zip.sig (signature file)
|
||||||
[H /pre]
|
[H /pre]
|
||||||
|
|
||||||
Compilation directives are in the headers of these files. You will
|
Compilation directives are in the headers of these files. You will
|
||||||
then need to add the following line to your ~/.gnupg/options file:
|
then need to add the following line to your ~/.gnupg/gpg.conf or
|
||||||
|
~/.gnupg/options file:
|
||||||
|
|
||||||
[H pre]
|
[H pre]
|
||||||
load-extension idea
|
load-extension idea
|
||||||
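Review bot: the new file list names idea.c.gz.sig and ideadll.zip.sig as "(signature file)", but the answer never tells the reader to check them before compiling the module and adding "load-extension idea". Since that line loads the downloaded code into gpg, add a sentence after the list asking the reader to verify each download against its signature, in the form used elsewhere in this commit ("$ gpg --verify idea.c.gz.sig"), and point to the new "How do I verify signed packages?" question.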
@ -334,6 +372,10 @@ you could search in the mailing list archive.
|
|||||||
which can be obtained by using the --with-colons options (it is
|
which can be obtained by using the --with-colons options (it is
|
||||||
the fifth field in the lines beginning with "sec").
|
the fifth field in the lines beginning with "sec").
|
||||||
|
|
||||||
|
If you've lost your public key and need to recreate it instead
|
||||||
|
for continued use with your secret key, you may be able to use
|
||||||
|
gpgsplit as detailed in question <Rgpgsplit>.
|
||||||
|
|
||||||
<Q> What are trust, validity and ownertrust?
|
<Q> What are trust, validity and ownertrust?
|
||||||
|
|
||||||
With GnuPG, the term "ownertrust" is used instead of "trust" to
|
With GnuPG, the term "ownertrust" is used instead of "trust" to
|
||||||
@ -502,16 +544,21 @@ you could search in the mailing list archive.
|
|||||||
|
|
||||||
Good overviews of OpenPGP-support can be found at:[H br]
|
Good overviews of OpenPGP-support can be found at:[H br]
|
||||||
[H a href=http://cryptorights.org/pgp-users/resources/pgp-mail-clients.html]<http://cryptorights.org/pgp-users/resources/pgp-mail-clients.html>[H /a],[H br]
|
[H a href=http://cryptorights.org/pgp-users/resources/pgp-mail-clients.html]<http://cryptorights.org/pgp-users/resources/pgp-mail-clients.html>[H /a],[H br]
|
||||||
[H a href=http://www.geocities.com/openpgp/courrier_en.html]<http://www.geocities.com/openpgp/courrier_en.html>[H /a] and[H br]
|
[H a href=http://www.geocities.com/openpgp/courrier_en.html]<http://www.geocities.com/openpgp/courrier_en.html>[H /a], and[H br]
|
||||||
[H a href=http://www.bretschneidernet.de/tips/secmua.html]<http://www.bretschneidernet.de/tips/secmua.html>[H /a].
|
[H a href=http://www.bretschneidernet.de/tips/secmua.html]<http://www.bretschneidernet.de/tips/secmua.html>[H /a].
|
||||||
|
|
||||||
|
Users of Win32 MUAs that lack OpenPGP support may look into
|
||||||
|
using GPGrelay [H a href=http://http://gpgrelay.sourceforge.net]<http://gpgrelay.sourceforge.net>[H /a], a small
|
||||||
|
email-relaying server that uses GnuPG to enable many email clients
|
||||||
|
to send and receive emails that conform to PGP-MIME (RFC 2015).
|
||||||
|
|
||||||
<Q> Can't we have a gpg library?
|
<Q> Can't we have a gpg library?
|
||||||
|
|
||||||
This has been frequently requested. However, the current viewpoint
|
This has been frequently requested. However, the current viewpoint
|
||||||
of the GnuPG maintainers is that this would lead to several security
|
of the GnuPG maintainers is that this would lead to several security
|
||||||
issues and will therefore not be implemented in the foreseeable
|
issues and will therefore not be implemented in the foreseeable
|
||||||
future. However, for some areas of application gpgme could do the
|
future. However, for some areas of application gpgme could do the
|
||||||
trick. You'll find it at [H a href=ftp://ftp.gnupg.org/gcrypt/alpha/gpgme]<ftp://ftp.gnupg.org/gcrypt/alpha/gpgme>[H /a].
|
trick. You'll find it at [H a href=[$hGPGFTP]/gcrypt/alpha/gpgme]<[$hGPGFTP]/gcrypt/alpha/gpgme>[H /a].
|
||||||
|
|
||||||
<Q> I have successfully generated a revocation certificate, but I don't
|
<Q> I have successfully generated a revocation certificate, but I don't
|
||||||
understand how to send it to the key servers.
|
understand how to send it to the key servers.
|
||||||
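Review bot: the GPGrelay link added in this hunk has a doubled scheme in the href, "[H a href=http://http://gpgrelay.sourceforge.net]", while the display text "<http://gpgrelay.sourceforge.net>" is correct. The generated link will not point at the intended host; change the href to http://gpgrelay.sourceforge.net.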
@ -531,6 +578,7 @@ you could search in the mailing list archive.
|
|||||||
|
|
||||||
(or use a keyserver web interface for this).
|
(or use a keyserver web interface for this).
|
||||||
|
|
||||||
|
<Dhomedir>
|
||||||
<Q> How do I put my keyring in a different directory?
|
<Q> How do I put my keyring in a different directory?
|
||||||
|
|
||||||
GnuPG keeps several files in a special homedir directory. These
|
GnuPG keeps several files in a special homedir directory. These
|
||||||
@ -549,6 +597,76 @@ you could search in the mailing list archive.
|
|||||||
on a floppy disk. Don't use "--keyring" as its purpose is to specify
|
on a floppy disk. Don't use "--keyring" as its purpose is to specify
|
||||||
additional keyring files.
|
additional keyring files.
|
||||||
|
|
||||||
|
<Q> How do I verify signed packages?
|
||||||
|
|
||||||
|
Before you can verify the signature that accompanies a package,
|
||||||
|
you must first have the vendor, organisation, or issueing person's
|
||||||
|
key imported into your public keyring. To prevent GnuPG warning
|
||||||
|
messages the key should also be validated (or locally signed).
|
||||||
|
|
||||||
|
You will also need to download the detached signature file along
|
||||||
|
with the package. These files will usually have the same name as
|
||||||
|
the package, with either a binary (.sig) or ASCII armor (.asc)
|
||||||
|
extension.
|
||||||
|
|
||||||
|
Once their key has been imported, and the package and accompanying
|
||||||
|
signature files have been downloaded, use:
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
$ gpg --verify sigfile signed-file
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
If the signature file has the same base name as the package file,
|
||||||
|
the package can also be verified by specifying just the signature
|
||||||
|
file, as GnuPG will derive the package's file name from the name
|
||||||
|
given (less the .sig or .asc extension). For example, to verify a
|
||||||
|
package named foobar.tar.gz against its detached binary signature
|
||||||
|
file, use:
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
$ gpg --verify foobar.tar.gz.sig
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
<Q> How do I export a keyring with only selected signatures?
|
||||||
|
|
||||||
|
If you're wanting to create a keyring with only a subset of signatures
|
||||||
|
selected from a master keyring (for a club, user group, or company
|
||||||
|
department for example), simply specify the keys you want to export:
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
$ gpg --armor --export key1 key2 key3 key4 > keys1-4.asc
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
<Dgpgsplit>
|
||||||
|
<Q> I still have my secret key, but lost my public key. What can I do?
|
||||||
|
|
||||||
|
All OpenPGP secret keys have a copy of the public key inside them,
|
||||||
|
and in a worst-case scenario, you can create yourself a new public
|
||||||
|
key using the secret key.
|
||||||
|
|
||||||
|
A tool to convert a secret key into a public one has been included
|
||||||
|
(it's actually a new option for gpgsplit) and is available with GnuPG
|
||||||
|
versions 1.2.1 or later (or can be found in CVS). It works like this:
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
$ gpgsplit --no-split --secret-to-public secret.gpg >publickey.gpg
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
One should first try to export the secret key and convert just this
|
||||||
|
one. Using the entire secret keyring should work too. After this has
|
||||||
|
been done, the publickey.gpg file can be imported into GnuPG as usual.
|
||||||
|
|
||||||
|
<Q> Clearsigned messages sent from my web-mail account have an invalid
|
||||||
|
signature. Why?
|
||||||
|
|
||||||
|
Check to make sure the settings for your web-based email account
|
||||||
|
do not use HTML formatting for the pasted clearsigned message. This can
|
||||||
|
alter the message with embedded HTML markup tags or spaces, resulting
|
||||||
|
in an invalid signature. The recipient may be able to copy the signed
|
||||||
|
message block to a text file for verification, or the web email
|
||||||
|
service may allow you to attach the clearsigned message as a file
|
||||||
|
if plaintext messages are not an option.
|
||||||
|
|
||||||
|
|
||||||
<S> COMPATIBILITY ISSUES
|
<S> COMPATIBILITY ISSUES
|
||||||
|
|
||||||
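Review bot: in the new "How do I verify signed packages?" answer, key validation is presented only as a way "to prevent GnuPG warning messages". The check is only meaningful if the imported key really belongs to the vendor, so the first paragraph should say that the key needs to be validated (for example by confirming its fingerprint with the issuer) before it is locally signed, not merely that signing silences the warning. Smaller points in the same hunk: "issueing" should be "issuing", and the question "How do I export a keyring with only selected signatures?" is answered with a command that selects keys ("--export key1 key2 key3 key4"), so the title or the text should be brought into line. The new verify question also has no <D...> label, unlike <Dhomedir> and <Dgpgsplit>, so other answers cannot reference it with <R...>.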
@ -599,7 +717,7 @@ you could search in the mailing list archive.
|
|||||||
algorithm is still patented until 2007. Under certain conditions you
|
algorithm is still patented until 2007. Under certain conditions you
|
||||||
may use IDEA even today. In that case, you may refer to Question
|
may use IDEA even today. In that case, you may refer to Question
|
||||||
<Ridea> about how to add IDEA support to GnuPG and read
|
<Ridea> about how to add IDEA support to GnuPG and read
|
||||||
[H a href=http://www.gnupg.org/gph/en/pgp2x.html]<http://www.gnupg.org/gph/en/pgp2x.html>[H /a] to perform the migration.
|
[H a href=[$hGPGHTTP]/gph/en/pgp2x.html]<[$hGPGHTTP]/gph/en/pgp2x.html>[H /a] to perform the migration.
|
||||||
|
|
||||||
<Q> (removed)
|
<Q> (removed)
|
||||||
|
|
||||||
@ -668,13 +786,81 @@ you could search in the mailing list archive.
|
|||||||
--export-secret-keys <key-ID>
|
--export-secret-keys <key-ID>
|
||||||
[H /pre]
|
[H /pre]
|
||||||
|
|
||||||
<Q> I just installed the most recent version of GnuPG and don't have a
|
<Doptions>
|
||||||
~/.gnupg/options file. Is this missing from the installation?
|
<Q> GnuPG no longer installs a ~/.gnupg/options file. Is it missing?
|
||||||
|
|
||||||
No. The ~/.gnupg/options file has been renamed to ~/.gnupg/conf for
|
No. The ~/.gnupg/options file has been renamed to ~/.gnupg/gpg.conf for
|
||||||
new installs as of version 1.1.92. If an existing ~/.gnupg/options file
|
new installs as of version 1.1.92. If an existing ~/.gnupg/options file
|
||||||
is found during an upgrade it will still be used, but this change was
|
is found during an upgrade it will still be used, but this change was
|
||||||
required to have a more consistent naming scheme with forthcoming tools.
|
required to have a more consistent naming scheme with forthcoming tools.
|
||||||
|
An existing options file can be renamed to gpg.conf for users upgrading,
|
||||||
|
or receiving the message that the "old default options file" is ignored
|
||||||
|
(occurs if both a gpg.conf and an options file are found).
|
||||||
|
|
||||||
|
<Q> How do you export GnuPG keys for use with PGP?
|
||||||
|
|
||||||
|
This has come up fairly often, so here's the HOWTO:
|
||||||
|
|
||||||
|
PGP can (for most key types) use secret keys generated by GnuPG. The
|
||||||
|
problems that come up occasionally are generally because GnuPG
|
||||||
|
supports a few more features from the OpenPGP standard than PGP does.
|
||||||
|
If your secret key has any of those features in use, then PGP will
|
||||||
|
reject the key or you will have problems communicating later. Note
|
||||||
|
that PGP doesn't do ElGamal signing keys at all, so they are not
|
||||||
|
usable with any version.
|
||||||
|
|
||||||
|
These instructions should work for GnuPG 1.0.7 and later, and PGP
|
||||||
|
7.0.3 and later.
|
||||||
|
|
||||||
|
Start by editing the key. Most of this line is not really necessary
|
||||||
|
as the default values are correct, but it does not hurt to repeat the
|
||||||
|
values, as this will override them in case you have something else set
|
||||||
|
in your options file.
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
$ gpg --s2k-cipher-algo cast5 --s2k-digest-algo sha1 --s2k-mode 3 \
|
||||||
|
--simple-sk-checksum --edit KeyID
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
Turn off some features. Set the list of preferred ciphers, hashes,
|
||||||
|
and compression algorithms to things that PGP can handle. (Yes, I
|
||||||
|
know this is an odd list of ciphers, but this is what PGP itself uses,
|
||||||
|
minus IDEA).
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
> setpref S9 S8 S7 S3 S2 S10 H2 H3 Z1 Z0
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
Now put the list of preferences onto the key.
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
> updpref
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
Finally we must decrypt and re-encrypt the key, making sure that we
|
||||||
|
encrypt with a cipher that PGP likes. We set this up in the --edit
|
||||||
|
line above, so now we just need to change the passphrase to make it
|
||||||
|
take effect. You can use the same passphrase if you like, or take
|
||||||
|
this opportunity to actually change it.
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
> passwd
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
Save our work.
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
> save
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
Now we can do the usual export:
|
||||||
|
|
||||||
|
[H pre]
|
||||||
|
$ gpg --export KeyID > mypublickey.pgp
|
||||||
|
$ gpg --export-secret-key KeyID > mysecretkey.pgp
|
||||||
|
[H /pre]
|
||||||
|
|
||||||
|
Thanks to David Shaw for this information!
|
||||||
|
|
||||||
|
|
||||||
<S> PROBLEMS and ERROR MESSAGES
|
<S> PROBLEMS and ERROR MESSAGES
|
||||||
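Review bot: the last step of the PGP export HOWTO, "$ gpg --export-secret-key KeyID > mysecretkey.pgp", leaves a copy of the secret key in a file in the current directory, and the text says nothing about what to do with it afterwards. Add a sentence telling the reader to keep that file readable only by themselves and to delete it once it has been imported into PGP. In the same answer, "in case you have something else set in your options file" should read "gpg.conf or options file" to match the rename this commit documents, and the setpref list (S9 S8 S7 S3 S2 S10 H2 H3 Z1 Z0) would be easier to check if the algorithm names were given alongside the identifiers.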
@ -882,8 +1068,8 @@ you could search in the mailing list archive.
|
|||||||
http://www.gnupg.org/developer/gpg-woody-fix.txt
|
http://www.gnupg.org/developer/gpg-woody-fix.txt
|
||||||
[H /pre]
|
[H /pre]
|
||||||
|
|
||||||
<Q> I've upgraded to GnuPG version 1.0.7 and now it takes longer to load
|
<Q> I upgraded to GnuPG version 1.0.7 and now it takes longer to load my
|
||||||
my keyrings. What can I do?
|
keyrings. What can I do?
|
||||||
|
|
||||||
The way signature states are stored has changed so that v3 signatures
|
The way signature states are stored has changed so that v3 signatures
|
||||||
can be supported. You can use the new --rebuild-keydb-caches migration
|
can be supported. You can use the new --rebuild-keydb-caches migration
|
||||||
|